1
PublicDateAtUSN: 2010-03-03
2
Candidate: CVE-2010-0156
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0156
6
http://groups.google.com/group/puppet-announce/browse_thread/thread/4401823f6cbf6087
7
http://groups.google.com/group/puppet-announce/browse_thread/thread/73cd1b2896d986c2
8
https://usn.ubuntu.com/usn/usn-917-1
10
Puppet 0.24.x before 0.24.9 and 0.25.x before 0.25.2 allows local users to
11
overwrite arbitrary files via a symlink attack on the (1) /tmp/daemonout,
12
(2) /tmp/puppetdoc.txt, (3) /tmp/puppetdoc.tex, or (4) /tmp/puppetdoc.aux
17
https://bugzilla.redhat.com/show_bug.cgi?id=502881
23
upstream: http://projects.reductivelabs.com/projects/puppet/repository/revisions/0aae57f91dc69b22fb674f8de3a13c22edd07128/diff
24
upstream: http://projects.reductivelabs.com/projects/puppet/repository/revisions/0dee418554151289b13136c43f0d1d6484efbac7/diff
25
upstream_puppet: released (0.25.2)
27
hardy_puppet: ignored (reached end-of-life)
28
intrepid_puppet: needed (reached end-of-life)
29
jaunty_puppet: ignored (reached end-of-life)
30
karmic_puppet: released (0.24.8-2ubuntu4.1)
31
lucid_puppet: not-affected (0.25.4-2ubuntu3)
32
maverick_puppet: not-affected (0.25.4-2ubuntu3)
33
natty_puppet: not-affected (0.25.4-2ubuntu3)
34
oneiric_puppet: not-affected (0.25.4-2ubuntu3)
35
devel_puppet: not-affected (0.25.4-2ubuntu3)